HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials...
5.4CVSS
5.8AI Score
EPSS
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials...
5.4CVSS
EPSS
Summary IBM Maximo Application Suite - Monitor Component uses follow-redirects-1.15.4.tgz and follow-redirects-1.15.5.tgz which are vulnerable to CVE-2024-28849. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION:...
6.5CVSS
6.7AI Score
0.0004EPSS
Summary IBM Maximo Application Suite - Monitor Component uses torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-31583 DESCRIPTION:...
8.2AI Score
0.0004EPSS
Summary IBM Maximo Application Suite - Monitor Component uses multiple Netty package which is vulnerable to CVE-2024-29025. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-29025 DESCRIPTION: **Netty is vulnerable to a denial of...
5.3CVSS
7.2AI Score
0.0004EPSS
Summary IBM Maximo Application Suite - Monitor Component uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-29041 DESCRIPTION: **Express.js Express could allow a remote...
6.1CVSS
7.1AI Score
0.0004EPSS
Summary IBM Maximo Application Suite - Monitor Component uses jose4j which is vulnerable to CVE-2023-51775. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service, caused by.....
7.2AI Score
0.0004EPSS
Summary IBM Maximo Application Suite - Monitor Component uses gunicorn-20.1.0-py3-none-any.whl which is vulnerable to CVE-2024-1135. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION: **Gunicorn is vulnerable to...
7.5CVSS
6.1AI Score
0.0004EPSS
Summary IBM Maximo Application Suite - Monitor Component uses bcprov-jdk18on-1.76.jar which is vulnerable to CVE-2024-30171. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-30171 DESCRIPTION: **The Bouncy Castle Crypto Package...
6.4AI Score
0.0004EPSS
nordicbiosite.com Cross Site Scripting vulnerability OBB-3938898
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Neiman Marcus confirms breach. Is the customer data already for sale?
Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers' personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including.....
7.5AI Score
CVE-2024-30112 HCL Connections is vulnerable to a cross-site scripting (XSS) vulnerability
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials...
5.4CVSS
EPSS
baseballquebec.com Cross Site Scripting vulnerability OBB-3938896
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...
7.2CVSS
EPSS
In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...
7.2CVSS
7.2AI Score
EPSS
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory...
5.3CVSS
5.4AI Score
EPSS
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole...
5.3CVSS
EPSS
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory...
5.3CVSS
EPSS
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information...
6.5CVSS
EPSS
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information...
6.5CVSS
6.2AI Score
EPSS
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole...
5.3CVSS
5.5AI Score
EPSS
In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to...
7.1CVSS
6.8AI Score
EPSS
In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to...
7.1CVSS
EPSS
In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential...
8.6CVSS
EPSS
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application...
7.5CVSS
EPSS
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application...
7.5CVSS
7.6AI Score
EPSS
In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML...
7.1CVSS
6.8AI Score
EPSS
In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML...
7.1CVSS
EPSS
In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential...
8.6CVSS
8.6AI Score
EPSS
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API...
EPSS
An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2...
7AI Score
EPSS
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and...
8.8CVSS
EPSS
An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2...
EPSS
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API...
7.9AI Score
EPSS
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and...
8.8CVSS
8.6AI Score
EPSS
EPSS
6.8AI Score
EPSS
Geehy APM32F103CCT6, APM32F103RCT6, APM32F103RCT7, and APM32F103VCT6 devices have Incorrect Access...
EPSS
Geehy APM32F103CCT6, APM32F103RCT6, APM32F103RCT7, and APM32F103VCT6 devices have Incorrect Access...
6.8AI Score
EPSS
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5. No patch is available...
7.5CVSS
7.8AI Score
0.003EPSS
CVE-2023-39326 affecting package golang for versions less than 1.21.6-1
CVE-2023-39326 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
5.3CVSS
7.3AI Score
0.001EPSS
CVE-2023-24536 affecting package golang for versions less than 1.21.6-1
CVE-2023-24536 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
7.5CVSS
7.3AI Score
0.005EPSS
CVE-2023-45284 affecting package golang for versions less than 1.21.6-1
CVE-2023-45284 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
5.3CVSS
7.3AI Score
0.001EPSS
CVE-2023-44487 affecting package golang for versions less than 1.21.6-1
CVE-2023-44487 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
7.5CVSS
7.3AI Score
0.732EPSS
CVE-2023-45287 affecting package golang for versions less than 1.21.6-1
CVE-2023-45287 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
7.5CVSS
7.3AI Score
0.001EPSS
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...
5.5CVSS
6AI Score
0.001EPSS
CVE-2023-7008 affecting package systemd for versions less than 123
CVE-2023-7008 affecting package systemd for versions less than 123. A patched version of the package is...
5.9CVSS
5.8AI Score
0.001EPSS
CVE-2023-45285 affecting package golang for versions less than 1.21.6-1
CVE-2023-45285 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
7.5CVSS
7.7AI Score
0.001EPSS
CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38
CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38. A patched version of the package is...
5.3CVSS
5.8AI Score
0.001EPSS
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS